Dangerous email messages

Previously, cybercriminals used attachments with the .exe extension, but over time, it became obvious to most users that it was unsafe to click such files. Antiviruses and mail filters warned of the risks of infection, so hackers had to improve their tactics.

Today, malicious programs are carefully masked: the infection may come as part of less suspicious attachments, for example, inside .doc or .pdf files, or get downloaded after users mistakenly click a link located in the body of an email. Hackers hide real web addresses using homographattacks. The messages are also disguised. They are perfectly designed and do not differ from the usual business correspondence.

So, what types of attachments are most often used by cybercriminals today? Archives (.zip or .rar) represent four out of the ten most popular file formats used by phishers.

Antiviruses detect the bulk of dangerous attachments. So, the problem is not limited to attachments alone. Attackers can insert a JS script into the message body for it to later download a malicious program.

Based on the above, I want to stress that when using the email channel, malware is mainly spread through attachments, as well as through links and scripts in the body of the email.

Popular types of malware spread by email

Ransomware

The goal of criminals is to encrypt valuable information on servers or client devices and demand payment from the victim for the decryption key. As a rule, crooks require victims to use Bitcoin or other cryptocurrencies to transfer the ransom payment.

Backdoors

Backdoors are programs that criminals install on a computer in order to be able to perform any action with it, for example, to control it remotely.

Miners

These are tools created for stealthy background mining of cryptocurrency. While the user is working with his device, the program does not show any tangible activity; however, when the computer is not in active use, the miner begins to exploit its computing resources.